Dig Into the Deep Web

Mention the “Deep Web” and most people will instantly associate it with the part of the Internet used for nefarious and illegal activities. For others, it is this inaccessible side of the Web, the one that requires a lot of technical skill and know-how to reach. Although these assumptions are somewhat correct, they only cover a small portion of the Deep Web as a whole.

Two sides of the coin
Anonymity is the main feature of the Deep Web, and there are plenty of people who would want to use and abuse that. For example, people who want to shield their communications from government surveillance may want to take refuge in darknets. Whistleblowers, like Edward Snowden, can share vast amounts of insider information to journalists without leaving a paper trail. Dissidents in restrictive regimes may need anonymity in order to safely let the world know what’s happening in their country.
On the flipside, those with malicious intentions can also greatly benefit from this anonymity. For example, drug sellers wouldn’t want to set up shop in an online location where law enforcement can easily determine their IP address. The same could be said for those engaged in other illegal activities like selling contraband and stolen goods.
Digging into the Deep Web
We decided to look further down the rabbit hole to get more information about the illegal activities and services offered in the Deep Web. To get information, we employed our system, called the Deep Web Analyzer (DeWa). DeWa is responsible for collecting URLs linked to the Deep Web, including TOR- and I2P-hidden sites and Freenet resource identifiers, and trying to extract relevant information tied to them like page content, links, email addresses, HTTP headers, and so on.
So far, we’ve collected more than 38 million events that account for 576,000 URLs, 244,000 of which bear actual HTML content.
DeWa also has a feature that alerts us if hidden services get a lot of traffic or if there is a large hike in number of sites. This is especially helpful in finding new malware families of cybercriminals who use TOR-hidden services to hide the more permanent parts of their infrastructures.
Cybercrime in the Deep Web
Among our observations was the fact that light drugs (read: cannabis) were the most-exchanged goods, followed by pharmaceutical products like Ritalin and Xanax, hard drugs, and even pirated games and online accounts.

The Deep Web is also home to Bitcoin and money-laundering services. Bitcoin offers a level of anonymity for users. As long as they don’t link their wallet code to their real identities, they are, to some extent, anonymous. Nonetheless, Bitcoin transactions are public, which means investigators can still examine them. Numerous services have sprouted in the Deep Web, offering to move Bitcoins through a network via micro transactions. Paying a handling fee will result in the customer getting the same amount of money but with the added bonus of having transactions that are harder to track or pin down.

The challenge of the Deep Web
Anonymity in the Deep Web will continue to raise a lot of issues and be a point of interest for both law enforcers and Internet users who want to circumvent government surveillance and intervention. Right now, there seems to be a race between “extreme libertarians” and law enforcement agencies, with the former trying to find new ways to become even more anonymous and untraceable.